
Thread: Thinkpad infected with Vundo and command.exe

#11 | Junior Member | Join Date: Apr 2008 | Posts: 16

    Wow, you are quick to respond! Excellent service, thanks.

    Did exactly as you suggested, and:

    Searched for: gdxmfldr and found it in: C:\Documents and Settings\All Users\Application Data\Spybot – Search & Destroy\Recovery\Virtomondedll9.zip

    Searched for: alxytfuy, and it found it in: C:\Documents and Settings\All Users\Application Data\Spybot – Search & Destroy\Recovery\Virtomondedll1.zip

    Hope that helps!
    James

#12 | Retired Security Volunteer | Join Date: Sep 2007 | Location: Ireland | Posts: 1,620

    Hello

    Click this link to be sure you can view hidden files.

    Please go here:
    The Spy Killer Forum
    • Click on "New Topic"
    • Put your name, e-mail address, and this as the title: "Vundo for nosirrah"
    • Put a link to this topic in the description box.
    • Then next to the file box, at the bottom, click the browse button, then navigate to this file:
      C:\Documents and Settings\All Users\Application Data\Spybot – Search & Destroy\Recovery\Virtomondedll9.zip
    • Click Open.
    • Click Post.

    Thank you!


    Repeat it for this file

    C:\Documents and Settings\All Users\Application Data\Spybot – Search & Destroy\Recovery\Virtomondedll1.zip

    Let me know how that goes
    Who watches The Watchmen?

    It's like you said. All I am is what I'm going after.

    ~Scratch~

#13 | Junior Member | Join Date: Apr 2008 | Posts: 16

    Done that bit

    Hi, I’ve uploaded those files to the Spy Killer Forum

    Again, thanks for all your help!

    Cheers
    James

#14 | Retired Security Volunteer | Join Date: Sep 2007 | Location: Ireland | Posts: 1,620

    Hello

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan. Check all the boxes and click Start Scan
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


    Also post a new DSS log

#15 | Junior Member | Join Date: Apr 2008 | Posts: 16

    OK, have downloaded Anti-Malware and run it, and it seemed to delete the detected problem files ok. The log file is shown below. Then ran DSS again, and main.txt log file shown below in next post. Thanks.

    Malwarebytes' Anti-Malware 1.10
    Database version: 597

    Scan type: Full Scan (C:\|)
    Objects scanned: 107627
    Time elapsed: 58 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 39
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 8
    Files Infected: 52

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\Interface\{50a1aa3b-80e3-15cf-0f1a-83a98ad98fe9} (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7f68785e-4894-7bb2-5fde-cc3eee2ebc82} (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e698e657-649e-5d40-752d-9a3b78ea832a} (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{fe3af205-54df-b146-1f0e-c9262829ed18} (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\browsingtool.browserwatcher (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\browsingtool.browserwatcher.1 (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0daee015-a728-c212-9b8f-298391b8328e} (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\browsingtool.precachebrowserhost (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\browsingtool.precachebrowserhost.1 (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{aaf21892-e4d8-e8ed-e36a-3a91e3b2db29} (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\browsingtool.pornpro_bho (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\browsingtool.pornpro_bho.1 (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d0661233-42d4-f7f1-80e1-8a9e0e99e71d} (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{84d39d08-a551-a4e5-c8d1-3327573d4640} (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\BrowsingTool (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BrowsingTool.DLL (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingTool.BrowserWatcher (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingTool.BrowserWatcher.1 (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingTool.PornPro_BHO (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingTool.PornPro_BHO.1 (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingTool.PrecacheBrowserHost (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingTool.PrecacheBrowserHost.1 (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\NoDNS (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{45c2a50f-8f4a-496e-af02-d0207525bf5a} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMcfa4a987 (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\WINDOWS\IA (AdWare.CommAd) -> Quarantined and deleted successfully.
    C:\Program Files\Ipwindows (Trojan.Rond) -> Quarantined and deleted successfully.
    C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Common Files\Storageprotector (Rogue.Storageprotector) -> Quarantined and deleted successfully.
    C:\Program Files\MapEDC (Adware.Maxifiles) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Storageprotector (Rogue.Storageprotector) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Storageprotector\Data (Rogue.Storageprotector) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Deckard\System Scanner\20080406083322\backup\DOCUME~1\IBMUSE~1\LOCALS~1\Temp\dlwixoql.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\20080406083322\backup\DOCUME~1\IBMUSE~1\LOCALS~1\Temp\dswtmhmj.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\20080406083322\backup\DOCUME~1\IBMUSE~1\LOCALS~1\Temp\mofugclq.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\20080406083322\backup\DOCUME~1\IBMUSE~1\LOCALS~1\Temp\outerinfo.ico (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\20080406083322\backup\DOCUME~1\IBMUSE~1\LOCALS~1\Temp\qrjatydi.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\20080406083322\backup\DOCUME~1\IBMUSE~1\LOCALS~1\Temp\rhvqsuwb.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\20080406083322\backup\DOCUME~1\IBMUSE~1\LOCALS~1\Temp\urclqecd.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\20080406083322\backup\DOCUME~1\IBMUSE~1\LOCALS~1\Temp\vntmrykt.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Deckard\System Scanner\20080406083322\backup\DOCUME~1\IBMUSE~1\LOCALS~1\Temp\NI.UGES_0001_N122M0502\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Program Files\Common Files\StorageProtector\strpmon.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
    C:\Program Files\MapEDC\MapEDC.exe (Trojan.Stars) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\Trend Micro\HijackThis\backups\backup-20080406-082358-470.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Program Files\Windows Media Player\lafuvehi.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Program Files\Windows Media Player\lafuvehi179.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Program Files\Windows Media Player\lafuvehi295.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Program Files\Windows Media Player\lafuvehi505.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Program Files\Windows Media Player\lafuvehi57.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Program Files\Windows Media Player\lafuvehi750.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Program Files\Windows Media Player\lafuvehi803.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP301\A0114469.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP301\A0114470.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP301\A0114471.exe (Trojan.Matcash) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP301\A0114472.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP301\A0114473.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP302\A0114604.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\tk58.exe.bad (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\WINDOWS\b152.exe_old (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\b153.exe_old (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\b154.exe_old (Trojan.Matcash) -> Quarantined and deleted successfully.
    C:\WINDOWS\IA\asappsrv.dll (AdWare.CommAd) -> Quarantined and deleted successfully.
    C:\WINDOWS\IA\command.exe (AdWare.CommAd) -> Quarantined and deleted successfully.
    C:\WINDOWS\IA\KE.vbs (AdWare.CommAd) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hp17\kipon89104.exe (Adware.TTC) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nu31\marbdrive91.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rc44\revbodr3.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\_OTMoveIt\MovedFiles\04062008_082802\Program Files\Common Files\girabofu89104.dll (Adware.TTC) -> Quarantined and deleted successfully.
    C:\_OTMoveIt\MovedFiles\04062008_082802\Program Files\JavaCore\JavaCore.exe (Trojan.Insider) -> Quarantined and deleted successfully.
    C:\_OTMoveIt\MovedFiles\04062008_082802\Program Files\NoDNS\NoDNS.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\MapEDC\IDE.stt (Adware.Maxifiles) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Storageprotector\Data\em (Rogue.Storageprotector) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Storageprotector\Data\oid (Rogue.Storageprotector) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Storageprotector\Data\user (Rogue.Storageprotector) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Program Files\outlook\p.zip (Worm.Alcra) -> Quarantined and deleted successfully.
    C:\Program Files\outlook\v.tmp (Worm.Alcra) -> Quarantined and deleted successfully.
    C:\WINDOWS\b.exe (Worm.Alcra) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Desktop\Help and Support Center.lnk (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Program Files\Setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ClickToFindandFixErrors_RON_Intl.ico (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\b116.exe (Heuristics.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\IBM USER\Desktop\Help and Support Center.lnk (Rogue.Link) -> Quarantined and deleted successfully.
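A triage pass over the Malwarebytes log above, as an added example that is not part of the original post or of Malwarebytes. The log mixes hits in live locations (C:\WINDOWS\IA\command.exe, the lafuvehi*.dll files under Windows Media Player) with copies that were already sitting in restore points, the Deckard/HijackThis/VundoFix/OTMoveIt backup folders; the latter are remnants of earlier cleanup steps, not evidence that the infection is still active, so it helps to separate the two before deciding what is left to fix. The sample log is constructed from eight lines of the "Files Infected:" section above, and the function names and the list of backup locations are my own, not Malwarebytes conventions.

```python
import re
from collections import Counter

# Constructed sample: eight lines in the exact shape of the "Files Infected:"
# section of the Malwarebytes log posted above (paths taken from that log).
SAMPLE_MBAM_LOG = r"""
Files Infected:
C:\Deckard\System Scanner\20080406083322\backup\DOCUME~1\IBMUSE~1\LOCALS~1\Temp\dlwixoql.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080406-082358-470.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Windows Media Player\lafuvehi.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP301\A0114469.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\VundoFix Backups\tk58.exe.bad (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\IA\command.exe (AdWare.CommAd) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04062008_082802\Program Files\NoDNS\NoDNS.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\b.exe (Worm.Alcra) -> Quarantined and deleted successfully.
"""

# One MBAM detection line: "<path> (<family>) -> <action>."
ENTRY_RE = re.compile(r"^(?P<path>.+) \((?P<family>[^()]+)\) -> (?P<action>.+)$")

# Folders that only ever hold copies of things another tool already removed
# (restore points, and the backup folders of the cleanup tools used in this
# thread). A hit here is stale; it is not a running component. My own list.
STALE_LOCATIONS = [
    r"^C:\\Deckard\\System Scanner\\\d+\\backup\\",
    r"^C:\\Program Files\\Trend Micro\\HijackThis\\backups\\",
    r"^C:\\System Volume Information\\_restore\{",
    r"^C:\\VundoFix Backups\\",
    r"^C:\\_OTMoveIt\\MovedFiles\\",
]


def parse_files_infected(log_text):
    """Return [{'path', 'family', 'action'}] for the 'Files Infected:' section."""
    entries, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Files Infected:":
            in_section = True       # MBAM puts this section last in the log
            continue
        if not in_section or not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(m.groupdict())
    return entries


def is_stale_location(path):
    return any(re.match(p, path, re.IGNORECASE) for p in STALE_LOCATIONS)


def triage(entries):
    """Split detections into live hits and stale copies from backup folders."""
    live = [e for e in entries if not is_stale_location(e["path"])]
    stale = [e for e in entries if is_stale_location(e["path"])]
    return {"live": live, "stale": stale}


def family_counts(entries):
    """How many detections each signature family produced."""
    return Counter(e["family"] for e in entries)


if __name__ == "__main__":
    found = parse_files_infected(SAMPLE_MBAM_LOG)
    result = triage(found)
    print(f"{len(result['live'])} live, {len(result['stale'])} stale")
    for e in result["live"]:
        print("LIVE ", e["family"], e["path"])
    print(family_counts(found))
```

Run it against a saved mbam-log-*.txt instead of the embedded sample by reading the file into `parse_files_infected`. The live entries are the ones worth tracing back to a loading point (a BHO CLSID, a Run value, a Winlogon notify or LSA package entry in the DSS log), which is what the next DSS log is for.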

#16 | Junior Member | Join Date: Apr 2008 | Posts: 16

    and DSS's main.txt

    Deckard's System Scanner v20071014.68
    Run by IBM USER on 2008-04-07 12:47:39
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    System Drive C: has 1.53 GiB (less than 15%) free.


    -- HijackThis (run as IBM USER.exe) --------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:47:39, on 07/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\TPHDEXLG.EXE
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\System32\TpScrLk.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\WINDOWS\msagent\AgentSvr.exe
    C:\Documents and Settings\IBM USER\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\IBMUSE~1.EXE

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\System32\TpScrLk.exe
    O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKLM\..\Run: [WMAAD] C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Transfer by Image Converter 3 - C:\PROGRAM FILES\SONY\IMAGE CONVERTER 3\menu.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\PkgMgr.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
    O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
    O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

    --
    End of file - 9337 bytes

    -- Files created between 2008-03-07 and 2008-04-07 -----------------------------

    2008-04-07 08:18:59 0 d-------- C:\Documents and Settings\IBM USER\Application Data\Malwarebytes
    2008-04-07 08:18:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-07 08:18:53 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-04 14:00:55 691545 --a------ C:\WINDOWS\unins000.exe
    2008-04-04 14:00:54 2541 --a------ C:\WINDOWS\unins000.dat
    2008-03-11 20:49:23 0 d-------- C:\Documents and Settings\IBM USER\Application Data\Diino
    2008-03-11 20:49:14 0 d-------- C:\Program Files\Diino


    -- Find3M Report ---------------------------------------------------------------

    2008-04-07 12:42:09 0 d-------- C:\Program Files\Common Files
    2008-04-07 12:42:08 0 d--hs---- C:\Program Files\outlook
    2008-03-13 08:15:58 0 d-------- C:\Program Files\Common Files\Adobe
    2008-02-27 22:09:36 0 d-------- C:\Program Files\DNA
    2008-02-27 22:03:15 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-02-27 22:03:15 0 d-------- C:\Program Files\Common Files\Sony Shared
    2008-02-27 21:21:13 0 d-------- C:\Program Files\Trend Micro
    2008-02-26 16:56:24 0 d-------- C:\Documents and Settings\IBM USER\Application Data\LimeWire
    2008-02-23 20:01:50 32 --a------ C:\Documents and Settings\IBM USER\Application Data\ntl.ini
    2008-02-23 16:33:29 0 d-------- C:\Program Files\NoteTab Light
    2008-02-16 17:15:50 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
    2008-02-12 16:50:56 0 d-------- C:\Program Files\iTunes
    2008-02-12 16:50:41 0 d-------- C:\Program Files\iPod
    2008-02-12 16:49:30 0 d-------- C:\Program Files\QuickTime


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "S3TRAY2"="S3Tray2.exe" [12/10/2001 17:32 C:\WINDOWS\system32\S3Tray2.exe]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [15/02/2006 09:17]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [15/02/2006 09:16]
    "BluetoothAuthenticationAgent"="irprops.cpl" [04/08/2004 19:56 C:\WINDOWS\system32\irprops.cpl]
    "TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [26/07/2006 05:19]
    "TPKMAPMN"="C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe" [29/10/2005 14:04]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [26/05/2005 16:00]
    "UC_SMB"="" []
    "tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [16/10/2002 20:59]
    "ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [08/01/2003 09:52]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [15/10/2004 04:11]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [24/09/2004 07:41]
    "BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [20/04/2005 20:38]
    "BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [20/04/2005 20:38]
    "BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [20/04/2005 20:38]
    "ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [18/04/2006 07:59]
    "AGRSMMSG"="AGRSMMSG.exe" [28/06/2003 03:53 C:\WINDOWS\AGRSMMSG.exe]
    "TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [29/10/2005 14:04]
    "TPKBDLED"="C:\WINDOWS\System32\TpScrLk.exe" [09/10/2002 17:28]
    "PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [07/08/2003 11:08]
    "TpShocks"="TpShocks.exe" [08/11/2005 06:14 C:\WINDOWS\system32\TpShocks.exe]
    "MsgCenterExe"="C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" []
    "WMAAD"="C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe" [17/02/2007 05:41]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [05/02/2002 10:32]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [13/06/2007 07:16]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [31/01/2008 22:13]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [04/02/2008 13:18]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 21:16]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [08/01/2003 09:52]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [18/02/1999 08:05:56]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    notifyf2.dll 06/07/2005 18:45 28672 C:\WINDOWS\system32\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    tphklock.dll 01/12/2005 15:16 24576 C:\WINDOWS\system32\tphklock.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\awvur.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06ae4071-5ca1-11db-82b7-806d6172696f}]
    AutoRun\command- D:\setup.exe




    -- End of Deckard's System Scanner: finished at 2008-04-07 12:48:00 ------------

  7. #17
    Retired Security Volunteer
    Join Date
    Sep 2007
    Location
    Ireland
    Posts
    1,620

    Default

    Hello

    Backup Your Registry with ERUNT
    • Please use the following link and scroll down to ERUNT and download it.
      http://aumha.org/freeware/freeware.php
    • For version with the Installer:
      Use the setup program to install ERUNT on your computer
    • For the zipped version:
      Unzip all the files into a folder of your choice.
    Click Erunt.exe to backup your registry to the folder of your choice.

    Note: to restore your registry, go to the folder and start ERDNT.exe



    Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.

    Code:
    Windows Registry Editor Version 5.00
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06ae4071-5ca1-11db-82b7-806d6172696f}]
    
    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
    "Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
    00

    Then double click on the fix.reg file, when it prompts to merge click "Yes".



    Reboot and post a new DSS log and tell me how your PC is running
    Who watches The Watchmen?

    It's like you said. All I am is what I'm going after.

    ~Scratch~
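As an added illustration, not part of the thread, a small Python script that parses the fix.reg above to show what it actually changes: it decodes the hex(7) REG_MULTI_SZ back into the default "msv1_0", records the mountpoints2 key the file deletes, and flags any extra entry in Authentication Packages (the DSS log showed awvur.dll appended there). The .reg text is embedded as a constructed copy.

```python
import re

# Constructed copy of the fix.reg text from the post above.
FIX_REG = r"""Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06ae4071-5ca1-11db-82b7-806d6172696f}]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
00
"""

# Default content of the LSA Authentication Packages value on Windows XP.
EXPECTED_AUTH_PACKAGES = ["msv1_0"]


def decode_hex7(hex_field):
    """Decode a .reg hex(7) field (REG_MULTI_SZ): comma-separated bytes of
    UTF-16LE strings, each NUL-terminated, with an extra NUL ending the list."""
    raw = bytes(int(b, 16) for b in re.split(r"[,\s\\]+", hex_field.strip()) if b)
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]


def parse_reg(text):
    """Parse the subset of .reg syntax the fix uses: key deletion ([-KEY])
    and hex(7) values. Returns {"deleted": [...], "values": {(key, name): [...]}}."""
    joined = text.replace("\\\n", "")  # re-join backslash continuation lines
    deleted, values, key = [], {}, None
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("[-") and line.endswith("]"):
            deleted.append(line[2:-1])
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif line.startswith('"') and "=hex(7):" in line:
            name, _, hexdata = line.partition("=hex(7):")
            values[(key, name.strip('"'))] = decode_hex7(hexdata)
    return {"deleted": deleted, "values": values}


def unexpected_auth_packages(packages):
    # Every entry here is loaded into LSASS at boot, so anything beyond the
    # default msv1_0 (e.g. the awvur.dll path in the DSS log) deserves a look.
    expected = {e.lower() for e in EXPECTED_AUTH_PACKAGES}
    return [p for p in packages if p.lower() not in expected]


if __name__ == "__main__":
    fix = parse_reg(FIX_REG)
    print("keys deleted:", fix["deleted"])
    print("values set:", fix["values"])
    print("suspicious:", unexpected_auth_packages(["msv1_0", "C:\\WINDOWS\\system32\\awvur.dll"]))
```

Run it against any exported Lsa key to compare what the fix writes with what the machine currently loads.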

  8. #18
    Junior Member
    Join Date
    Apr 2008
    Posts
    16

    Default

    Hello,

    I did as requested, and it went well, up 'til I double clicked on the fix.reg txt file I'd created. Windows came up with an error message:

    Registry Editor
    Cannot import C:\Documents and Settings\IBM USER\Desktop\fix.reg: The specified file is not a registry script. You can only import binary registry files from within the registry editor.

    I had a quick look to see if I could find the registry editor (is it in the control panel?), but thought I'd be best asking you! Thanks for all your efforts!

    James

  9. #19
    Retired Security Volunteer
    Join Date
    Sep 2007
    Location
    Ireland
    Posts
    1,620

    Default

    Do this

    Please download DAFT and save it to your desktop:
    1. Double-click the daft.exe icon.
    2. Click on the Scan button.
    3. Select everything it is displaying there
    4. Click the Fix button.
    5. Then rescan with DAFT again - it should say now that "All associations are OK"
    6. Close DAFT if you receive that message. This means that it is fixed now.




    Then try it

    If it fails, then do this (you may need to host this file at mediafire.com)

    Please download RUNSCANNER to your desktop and run it.
    • When the first page comes up select Beginner Mode
    • On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
    • At this time Runscanner.exe may request access to the Internet through your firewall please allow it to do so, it will then run for two or three minutes.
    • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log
    • Call the file "Select a file name here" and save it to your desktop. You will see the .run file on your desktop. Please zip the .run file by right clicking and selecting send to Zip file


    Then upload that as an attachment in your next post.
    Who watches The Watchmen?

    It's like you said. All I am is what I'm going after.

    ~Scratch~

  10. #20
    Junior Member
    Join Date
    Apr 2008
    Posts
    16

    Default

    Hello,

    I've downloaded and run the daft.exe, and it worked fine, i.e. it gave the results "All associations are fine" at the end. Great!
    The computer seems to be running better than it has in a long time; I think all the faults I noticed have gone. What's next?

    Cheers
    James
